package com.ruoyi.framework.web.service;

import javax.annotation.Resource;

import com.ruoyi.common.constant.RegexConstant;
import com.ruoyi.common.exception.user.*;
import com.ruoyi.common.utils.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import com.ruoyi.common.constant.CacheConstants;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.core.redis.RedisCache;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.MessageUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ip.IpUtils;
import com.ruoyi.framework.manager.AsyncManager;
import com.ruoyi.framework.manager.factory.AsyncFactory;
import com.ruoyi.framework.security.context.AuthenticationContextHolder;
import com.ruoyi.system.service.ISysConfigService;
import com.ruoyi.system.service.ISysUserService;

import java.util.Calendar;
import java.util.Objects;

/**
 * 登录校验方法
 * 
 * @author ruoyi
 */
@Component
public class SysLoginService
{
    @Autowired
    private TokenService tokenService;

    @Resource
    private AuthenticationManager authenticationManager;

    @Autowired
    private RedisCache redisCache;
    
    @Autowired
    private ISysUserService userService;

    @Autowired
    private ISysConfigService configService;

//    private final String verifyPassword = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[\\W_]).{9,}$";

    /**
     * 登录验证
     * 
     * @param username 用户名
     * @param password 密码
     * @param code 验证码
     * @param uuid 唯一标识
     * @return 结果
     */
    public String login(String username, String password, String code, String uuid)
    {
        // 验证码校验
        validateCaptcha(username, code, uuid);
        // 登录前置校验
        loginPreCheck(username, password);
        // 用户验证
        Authentication authentication = null;
        try
        {
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
            AuthenticationContextHolder.setContext(authenticationToken);
            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
            authentication = authenticationManager.authenticate(authenticationToken);
        }
        catch (Exception e)
        {
            if (e instanceof BadCredentialsException)
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
                throw new UserPasswordNotMatchException();
            }
            else
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
                throw new ServiceException(e.getMessage());
            }
        }
        finally
        {
            AuthenticationContextHolder.clearContext();
        }
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        recordLoginInfo(loginUser.getUserId());
        //登录成功之后，将登录失败次数修改为0
        SysUser user = userService.selectUserByUserName(username);
        user.setLoginErrorCount(0);
        userService.updateUser(user);
        // 生成token
        return tokenService.createToken(loginUser);
    }

    /**
     * 校验验证码
     * 
     * @param username 用户名
     * @param code 验证码
     * @param uuid 唯一标识
     * @return 结果
     */
    public void validateCaptcha(String username, String code, String uuid)
    {
        boolean captchaEnabled = configService.selectCaptchaEnabled();
        if (captchaEnabled)
        {
            String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + StringUtils.nvl(uuid, "");
            String captcha = redisCache.getCacheObject(verifyKey);
            if (captcha == null)
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire")));
                throw new CaptchaExpireException();
            }
            redisCache.deleteObject(verifyKey);
            if (!code.equalsIgnoreCase(captcha))
            {
                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error")));
                throw new CaptchaException();
            }
        }
    }

    /**
     * 登录前置校验
     * @param username 用户名
     * @param password 用户密码
     */
    public void loginPreCheck(String username, String password)
    {
        // 用户名或密码为空 错误
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password))
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("not.null")));
            throw new UserNotExistsException();
        }
        // 先找到username对应的用户对象
        SysUser user = userService.selectUserByUserName(username);
        //如果用户不存在，反馈用户不存在
        if (Objects.isNull(user)) {
            throw new UserNotExistsException();
        }

        // 如果当前时间不在锁定时间之后，即，当前账号还是锁定状态，将当前状态修改为异常
        // 取出当前用户的锁定时间判断是否在当前时间之后,如果在当前时间之后，则锁定
        if (user.getLockTime().after(DateUtils.getNowDate())){
            user.setStatus(UserConstants.ROLE_DISABLE);
        }else {
            user.setStatus(UserConstants.ROLE_NORMAL);
        }
        //todo:这边可以优化一下,先判断用户的状态是否和要设置的状态一致，不一致再修改，减少于数据库的交互
        userService.updateUser(user);

        // 验证用户的状态是否正常，如果是锁定状态直接抛出异常。
        if (UserConstants.ROLE_DISABLE.equals(user.getStatus())){
            throw new UserException("user.status.not.normal",null);
        }

        // 验证用户的错误登录次数，如果大于等于5，则锁定账户，重置错误登录次数，并抛出异常。
        if (user.getLoginErrorCount()>=5){
            user.setStatus(UserConstants.ROLE_DISABLE);
            user.setLoginErrorCount(0);
            //修改锁定时间为1小时
//            user.setLockTime(DateUtils.getNowDate());
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(DateUtils.getNowDate());
            calendar.add(Calendar.HOUR_OF_DAY, 1);
            user.setLockTime(calendar.getTime());
            userService.updateUser(user);
            throw new UserException("user.status.not.normal", null);
        }
        // 密码不符合要求，登录失败
        if(!password.matches(RegexConstant.VERIFY_PASSWORD)){
            throw new UserException("user.password.not.valid",null);
        }

        //密码和数据库中密码不一致
        //修改登录失败次数
        if (!SecurityUtils.matchesPassword(password,user.getPassword())){
            // 在注册的时候将用户的loginErrorCount设置为0，不然数据库中是null，还要在这边判断一下
            // 已经在数据库中添加默认值为0

            int loginErrorCount = user.getLoginErrorCount();

            user.setLoginErrorCount(loginErrorCount+1);
            int newLoginErrorCount = user.getLoginErrorCount();
            Object[] args = {newLoginErrorCount};
            userService.updateUser(user);
            throw new UserException("user.password.retry.limit.count",args);
        }
        //如果当前时间在强制修改密码时间之后，则抛出异常，让用户强制修改密码
        if (user.getForceUpdatePasswordTime().before(DateUtils.getNowDate())){
            throw new UserException("user.force.update.password",null);
        }

        // 密码如果不在指定范围内 错误
        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                || password.length() > UserConstants.PASSWORD_MAX_LENGTH)
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
            throw new UserPasswordNotMatchException();
        }
        // 用户名不在指定范围内 错误
        if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                || username.length() > UserConstants.USERNAME_MAX_LENGTH)
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
            throw new UserPasswordNotMatchException();
        }
        // IP黑名单校验
        String blackStr = configService.selectConfigByKey("sys.login.blackIPList");
        if (IpUtils.isMatchedIp(blackStr, IpUtils.getIpAddr()))
        {
            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("login.blocked")));
            throw new BlackListException();
        }
    }

    /**
     * 记录登录信息
     *
     * @param userId 用户ID
     */
    public void recordLoginInfo(Long userId)
    {
        SysUser sysUser = new SysUser();
        sysUser.setUserId(userId);
        sysUser.setLoginIp(IpUtils.getIpAddr());
        sysUser.setLoginDate(DateUtils.getNowDate());
        userService.updateUserProfile(sysUser);
    }
}
